Beware of scammers impersonating energy and telecommunications companies
24 April 2018
The ACCC is warning consumers to beware of scammers impersonating energy and telecommunications providers and demanding payments.
Scamwatch has received 5000 reports of fake billing scams in the last 12 months, with reported losses of close to $8000.
“The scammers typically impersonate well known companies such as Origin, AGL, Telstra and Optus via email, to fool people into assuming the bills are real,” ACCC Deputy Chair Delia Rickard said.
“They send bulk emails or letters which include a logo and design features closely copied from the genuine provider. The bill states the account is overdue and if not paid immediately the customer will incur late charges or be disconnected.”
You want your documents and data to be secure, accessible everywhere and easy to access. As the saying goes, you can have any two of those requirements you want, but never all three at once. It is simply impossible to have all three. Unfortunately, most people choose easy over secure, and then complain bitterly when their documents are stolen and made public. Or simply deleted.
The dream of instant access to all of your documents is now a reality with cloud-based services such as Google Docs and Drive, Dropbox and a host of other services.
You can sit down at any computer or tablet and access almost all your documents immediately.
But there is a downside to that. Others can also access documents from the cloud if they have your login details. They can access your documents if they can access your computer.
So how do you ensure the security of cloud hosted documents? Let’s look at the ups and downs of adequate security.
1. Choose a Good Password
Number one on the list is the level of security we have on our cloud account. The most obvious question is, how good is your password? If your password is 123456 or monkey, secret, letmein or similar, you have a major problem. Security breaches over the last few years have resulted in millions of passwords being leaked. These passwords have been analysed by both good guys and bad guys, and now everyone knows the million or so most used passwords.
For the curious, I have listed the 12 most common passwords of 2013. If you are using one of these, bow your head in shame, and know that any time a hacker wants your data, he will have it in minutes…
Clever passwords are not so clever. If you think s3cret is more secure than secret, think again. m0nkey and monkey are pretty much the same when someone decides to use a password list of a million common passwords to crack your account. Use a long, random, different password for every site you visit. If you cannot remember passwords, use a password manager app or plugin for your computer or browser. I use Lastpass, and have had no problems with it. I let Lastpass generate passwords for me. Lastpass is highly respected, well designed and a Trust No One (TNO) app. Lastpass cannot give your passwords to anyone, because they do not have them. They are encrypted for everyone but you.
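The point about s3cret and m0nkey, as an added example that is not part of the original post: a sign-up check that undoes the usual character swaps before comparing against a common-password list. The tiny list, the substitution table, the function names and the 12-character minimum are all assumptions made for illustration.

```python
# Added illustration: why "clever" substitutions do not help.
# COMMON is a tiny constructed sample; real lists hold millions of entries.
COMMON = {"123456", "monkey", "secret", "letmein", "password"}

# Character swaps that wordlist-based guessing routinely covers
# (constructed subset, not an exhaustive table).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def candidates(password):
    """Yield the simplified forms of a password that a wordlist covers."""
    lowered = password.lower()
    yield lowered
    yield lowered.translate(LEET)
    # Trailing digits or punctuation ("monkey1", "secret!") are also routine.
    stripped = lowered.rstrip("0123456789!@#$%^&*.")
    yield stripped
    yield stripped.translate(LEET)


def is_guessable(password, common=COMMON, min_length=12):
    """Return a reason string if the password should be rejected, else None."""
    for form in candidates(password):
        if form in common:
            return f"variant of common password '{form}'"
    if len(password) < min_length:
        return f"shorter than {min_length} characters"
    return None


if __name__ == "__main__":
    for pw in ["s3cret", "m0nkey", "Monkey1!", "P@ssw0rd", "vT9#qLx2m!Rw8zKd"]:
        print(f"{pw!r:22} -> {is_guessable(pw) or 'not on the list'}")
```

Passing this check only means the password is not an obvious variant of a listed one; a long random password from a password manager is still the goal.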
Don’t Save The Password on Your Computer. Do NOT write your passwords down in a file named Passwords and save it on your desktop. Just read about the Sony hack to find the downside of that approach.
2. Add Two-Factor Authentication
Then, for better security add two-factor authentication.
For Google, Dropbox and Lastpass, and many more online services, an authenticator app like Google Authenticator or Authy works perfectly. I prefer Authy because I can make it require a PIN when it starts up. There is a little effort involved in getting an authenticator working, but they are well documented. Just be prepared to spend 10 or 15 minutes setting it up on your devices.
You need the app running on your phone or tablet, preferably both, and when you log into your cloud service from a new computer, or every few weeks, you must authenticate by providing a six-digit code that changes every 30 seconds. This means you need the password and the mobile phone with the authenticator to log into your cloud account.
Print out a few “Get out of jail” keys so you can log in without your device in an emergency. But secure these printed keys well. See the documentation for your cloud provider.
3. Secure Your Computer, Phone and Tablet
This makes it very difficult to get into your cloud accounts from another computer. However, if someone steals your laptop, phone or tablet while they are unlocked, they will have access.
So make sure you have a password or PIN that is strong enough to keep a thief out. Ensure that a PIN or password is required to access your computer whenever it starts or comes out of standby.
Remember, if someone steals your phone and can access your cloud accounts and your Authenticator, they can change the password. So keep that phone or tablet secure.
I always close the lid of my laptop or HP Chromebook 11 when I walk away from it in a shared space. In fact I rarely get more than a couple of meters away in a public or shared space.
I have made a habit of putting everything into a pocket or bag when I put it down in a public or shared space. Basically I treat a laptop, phone or tablet the way I treat cash. I NEVER leave it lying around unattended.
Here is an example of why…
If you work in an office or have a desktop computer, make sure you lock it when you get up and walk away. Having a screensaver that locks it after a few minutes is probably enough in an office environment. I work largely alone in my home office, so I simply set the screensaver to come on after five minutes. If I was in a co-working space or an office with a lot of people, I would (and have) activated the screensaver manually when I walk away. This is easy to do on computers running Linux. I think it is also an option on later versions of Windows. On Chromebooks and Chromeboxes, it is in the bottom right corner of the status window.
Remember the simple security rule. If someone can access your unsecured hardware, they can do pretty much anything. A running, logged in PC is the crown jewels for a thief. Don’t assume everyone in your office is trustworthy.
Follow these three steps, and you will be well on the way to having secure and safe access to your cloud based files and documents.
There is a price. It takes a little longer to log into your account, there is a bit more friction. But after a few days it becomes second nature.
This seemingly innocent plugin that allows the capture and annotation of screenshots has been caught with its hand in the till, according to mig5.net. I caught onto this story courtesy of the Chrome Story Blog.
Basically the Awesome Screenshot plugin spies on all the web sites and pages you visit, sends the data back to servers for storage, and at a later date a web-crawler identifying itself as “niki-bot” begins scanning those pages. The purpose is not clear, but the terms of service for “Awesome Screenshot” state:
When users access the software, certain non-personally and personally identifiable information (the “User Information”) may be collected, stored and used for business and marketing purposes, such as maintaining and improving the Services, conducting research, and monetization. This User Information includes, without limitation: IP address, unique identifier number, operating system, browser information, URLs visited, data from URLs loaded and pages viewed, search queries entered, social connections, profile properties, contact details, usage data, and other behavioral, software and hardware information. If you access the Services from a mobile or other device, we may collect a unique device identifier assigned to that device or other information for that device in order to serve content to it. This collected data may also be supplemented with information obtained from third parties or submitted by users.
My advice would be to run, not walk, to your computer and remove the Awesome Screenshot plugin immediately!
Thank you to the sites mentioned above for doing the detective work on this one!
User Account Control (UAC) settings in Windows Vista and Windows 7 seem like an annoyance rather than a benefit to Windows users. There are many web sites telling users how to turn UAC off. However, the UAC warning is a vital tool in maintaining the security of your computer. It ensures that you know when a program is attempting to make changes. If you are trying to install a program, you expect the warning. But if you see a message like this when you are visiting a web site or reading e-mail, it is a warning that something is being done without you requesting it.
Simply cancelling the request will keep your computer safe.
To maximise your safety, increase the level of notification from UAC to the maximum.
How to Raise UAC to the highest setting
1) Click on the Start button or hit the Windows key.
2) Type UAC in the “search programs and files” box
3) Click on the “Change User Account Control Settings” option (it should be the first choice)
4) Push the Slider up to the highest setting
5) Click OK, and you are done.
This will ensure nothing makes changes to your computer without notifying you. And remember, ALWAYS read those notifications before clicking on them. A malicious program, once installed, can be an expensive mistake.